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DETAILED ACTION 



1. 



The IDS of 3/1 1/2003 was received and considered. 



2. 



Claims 1-60 are pending. 



Election/Restrictions 



3. Claims 2-7, 20, 22-27, 40, 42-47 & 60 are withdrawn from further consideration pursuant 
to 37 CFR 1 .142(b) as being drawn to a nonelected species, there being no allowable generic or 
linking claim. Election was made without traverse in the reply filed on 6/27/2005. 



4. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the 
basis for the rejections under this section made in this Office action: 
A person shall be entitled to a patent unless - 

(e) the invention was described in (1) an application for patent, published under section 122(b), by another filed 
in the United States before the invention by the applicant for patent or (2) a patent granted on an application for 
patent by another filed in the United States before the invention by the applicant for patent, except that an 
international application filed under the treaty defined in section 351(a) shall have the effects for purposes of this 
subsection of an application filed in the United States only if the international application designated the United 



States and was published under Article 2 1(2) of such treaty in the English language. 
5. Claims 1, 8-9, 19, 21, 28-29, 39, 41, 48-49 & 59 are rejected under 35 U.S.C. 102(e) as 

being anticipated by U.S. Patent 6,070,243 to See et al. (See). 

Regarding claims 1, 19, 21, 39, 41 & 59, See discloses in a network comprising a first 

electronic device/intelligent edge device (Fig. 1, #10) and a second electronic device/network 

management station (Fig. 1, #20), an authentication method comprising authenticating said 

second electronic device/network management station to said first electronic device/intelligent 

edge device (col. 5, lines 43-47), said first electronic device communicatively coupled to said 



Claim Rejections - 35 USC § 102 
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second electronic device (Fig. 1), authenticating said first electronic device to said second 
electronic device (col. 5, lines 43-47), determining a key at said first electronic device and at said 
second electronic device (col. 5, lines 45-47) and authenticating a user to a central authentication 
server (col. 5, lines 59-62, col. 6, lines 4-18 & col. 8, lines 14-48). 

Regarding claims 8, 28 & 48, See discloses a method, wherein the first electronic device 
is a client device/intelligent edge device (Fig. 1, #10) and said second electronic device/network 
management station (Fig. 1, #20) is a central authentication server (Fig. 3 A, #320). 

Regarding claims 9, 29 & 49, See discloses a method, wherein a network 
device/intelligent edge device (Fig. 3A) is employed for providing an interface/ID RLY between 
said client device/intelligent edge (ID REQ) device and said central authentication server (Fig. 

1). 

Claim Rejections - 35 USC § 103 

6. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in 
section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are 
such that the subject matter as a whole would have been obvious at the time the invention was made to a person 
having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the 
manner in which the invention was made. 

7. Claims 10-11, 30-3 1 & 50-51 are rejected under 35 U.S.C. 103(a) as being unpatentable 
over See, as applied to claims 9, 29 & 49 above, in view of Applied Cryptography, Second 
Edition by Schneier, in further view of Computer Dictionary, Third Edition by Microsoft. See 
lacks receiving a first standard message from said client device and receiving said first standard 
message at said central authentication server whereby said client device is identified to said 
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central authentication server. However, Schneier teaches a simple mutual authentication 
protocol, where Alice encrypts shared data with Bob's public key and sends it to him to verify 
Alice's authenticity (p. 54, §Mutual Authentication Using the Interlock Protocol, (1) and (5)) and 
Bob does the same in reverse (p. 54, §Mutual Authentication Using the Interlock Protocol, (3) 
and (4)). Therefore, it would have been obvious to one having ordinary skill in the art at the time 
the invention was made to modify See to use the Interlock protocol, and hence to send a first 
standard message from the client device to the central authentication server to identify the client 
to the server and to send a second standard message from the central authentication server to the 
client to identify the server to the client. One of ordinary skill in the art would have been 
motivated to perform such a modification to permit the client and authentication server to 
mutually authenticate each other, as taught by Schneier (p. 54, §Mutual Authentication Using the 
Interlock Protocol, (l)-(5)). As modified, See lacks explicitly receiving the first standard 
message at said network device and forwarding the message to the central authentication server 
and receiving a second standard message from the central authentication server and forwarding it 
to the client. However, Microsoft teaches that a router is an intermediary device on a 
communications network that expedites message delivery and links many computers together by 
receiving transmitted messages and forwarding then to their correct destinations (p. 415, 
§Router). Therefore, it would have been obvious to one having ordinary skill in the art at the 
time the invention was made to modify See to include a network device/router between the 
client/intelligent edge device and the central authentication server, and hence to receive the first 
standard message from the client and forward the message to the authentication server and to 
receive a second standard message from the authentication server and forward the message to the 
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client. One of ordinary skill in the art would have been motivated to perform such a 
modification to expedite message delivery and link many computers together, as taught by 
Microsoft (p. 415, §Router). 

8. Claims 10-17, 30-37 & 50-57 are rejected under 35 U.S.C. 103(a) as being unpatentable 
over See, as applied to claims 9, 29 & 49 above, in view of "PPP EAP TLS Authentication 
Protocol" by Aboba et al. (Aboba). 

Regarding claims 10, 13, 30, 33, 50 & 53, as described above, See lacks receiving a first 
standard message from said client device and receiving said first standard message at said central 
authentication server whereby said client device is identified to said central authentication server. 
However, Aboba teaches the EAP TLS protocol to permit mutual authentication and key 
exchange between two endpoints (p. 1, §1, f2). The protocol includes receiving a first standard 
message/client response packet (p. 4, |3) from the client to the authenticator (p. 2, §3.1) at a 
network device/authenticator acting as a passthrough (p. 2, §3.1) and forwarding said first 
standard message/client response packet to a central authentication server/RADIUS server or 
backend security server (p. 2, §3.1 & p. 4, %3) and receiving said first standard message/client 
response packet at said central authentication server/RADIUS/EAP server, whereby the client 
device is identified to said central authentication server (p. 4, 1f4). Therefore, it would have been 
obvious to one having ordinary skill in the art at the time the invention was made to receive a 
first message from a client at a network device and forward the message from the network device 
to a central authentication server. One of ordinary skill in the art would have been motivated to 
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perform such a modification to permit mutual authentication and key exchange between two 
endpoints, as taught by Aboba (p. 1 § 1 12, p. 2 §3. 1 & p. 4 13-4). 

Regarding claims 11, 14-15, 31, 34-35, 51 & 54-55, See lacks sending a second standard 
message to the network device from said central authentication server and forwarding the 
message to the client from the network device. However, Aboba teaches the EAP TLS protocol 
to permit mutual authentication and key exchange between two endpoints (p. 1, §1, 12). The 
protocol includes sending a second standard message/server key exchange message (p. 4, 11) to 
the network device/authenticator acting as a passthrough (p. 2, §3.1) and forwarding said second 
standard message to said client, whereby said central authentication server is authenticated to 
said client device (p. 5, 12). Therefore, it would have been obvious to one having ordinary skill 
in the art at the time the invention was made to send a second message from a central 
authentication server to a network device and forward the message from the network device to 
the client. One of ordinary skill in the art would have been motivated to perform such a 
modification to permit mutual authentication and key exchange between two endpoints, as taught 
by Aboba (p. 1 §1 12, p. 2 §3.1 & p. 4 f 3-4). 

Regarding claims 12, 16-17, 32, 36-37, 52 & 56-57, See lacks sending a third message to 
said network device from said client device and forwarding the third message to the central 
authentication server. However, Aboba teaches the EAP TLS protocol to permit mutual 
authentication and key exchange between two endpoints (p. 1, §1, Tf2). The protocol includes 
sending a third message/client key exchange message (p. 4, 1(3-4) to the network 
device/authenticator acting as a passthrough (p. 2, §3.1) and forwarding the message to the 
central authentication server/EAP server (p. 4, 13-4). Therefore, it would have been obvious to 
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one having ordinary skill in the art at the time the invention was made to send a third message 
from the client to a network device and forward the message from the network device to the 
central authentication server. One of ordinary skill in the art would have been motivated to 
perform such a modification to permit mutual authentication and key exchange between two 
endpoints, as taught by Aboba (p. 1 §1 1f2, p. 2 §3.1 & p. 4 13-4). 

9. Claims 18, 38 & 58 are rejected under 35 U.S.C. 103(a) as being unpatentable over See, 
as applied to claims 1, 21 & 41 above, in view of How Networks Work by Derfler et al. 
(Derfler). See lacks the first and second devices being communicatively coupled by a wireless 
connection. However, Derfler teaches that wireless LANs allow users to move around without 
losing their connection (p. 1 14). Therefore, it would have been obvious to one having ordinary 
skill in the art at the time the invention was made to modify See to make use of a wireless LAN 
to couple the first and second devices. One of ordinary skill in the art would have been 
motivated to perform such a modification to enable users to move around without losing their 
connection, as taught by Derfler (p. 1 14). 

Conclusion 

10. Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Michael J. Simitoski whose telephone number is (571) 272-3841 . 
The examiner can normally be reached on Monday - Thursday, 6:45 a.m. - 4:15 p.m.. The 
examiner can also be reached on alternate Fridays from 6:45 a.m. - 3:15 p.m. 
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If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Gregory Morse can be reached at (571) 272-3838. 

Any response to this action should be mailed to: 

Commissioner for Patents 
P.O. Box 1450 
Alexandria, VA 22313-1450 
Or faxed to: 

(571)273-8300 

(for formal communications intended for entry) 



(571) 273-3841 (Examiner's fax, for informal or draft communications, please 
label "PROPOSED" or "DRAFT") 



Any inquiry of a general nature or relating to the status of this application or proceeding should 
be directed to the receptionist whose telephone number is (571) 272-2100. 

Information regarding the status of an application may be obtained from the Patent 

Application Information Retrieval (PAIR) system. Status information for published applications 

may be obtained from either Private PAIR or Public PAIR. Status information for unpublished 

applications is available through Private PAIR only. For more information about the PAIR 

system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR 

system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). 



Or: 





MJS 

September 8, 2005 




